CWE:
 

Risk | Topic | Date | Author
Med. | OpenDaylight SQL Injection | 25.05.2018 | Jameel Nabbo
Med. | Library CMS 1.0 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | School Management System CMS 1.0 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | SAT CFDI 3.3 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | PHP Dashboards 4.5 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | Shipping System CMS 1.0 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | GPSTracker 1.0 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | Gigs 2.0 SQL Injection | 25.05.2018 | Ozkan Mustafa Akkus
Med. | EU MRV Regulatory Complete Solution 1 SQL Injection | 25.05.2018 | Veyselxan
Med. | Mcard Mobile Card Selling Platform 1 SQL Injection | 24.05.2018 | L0RD
Med. | MySQL Blob Uploader 1.7 Cross Site Scripting / SQL Injection | 24.05.2018 | Ozkan Mustafa Akkus
Med. | MySQL Smart Reports 1.0 Cross Site Scripting / SQL Injection | 24.05.2018 | Ozkan Mustafa Akkus
Med. | NewsBee CMS 1.4 home-text-edit.php SQL Injection | 23.05.2018 | Özkan Mustafa Akkuş
Med. | Easy File Uploader 1.7 SQL Injection / Cross-Site Scripting | 23.05.2018 | Özkan Mustafa Akkuş
Med. | Auto Dealership And Vehicle Showroom WebSys 1.0 XSS / CSRF / SQL Injection | 22.05.2018 | Borna Nematzadeh
Med. | Model Agency Media House And Media Gallery 1.0 XSS / CSRF / SQL Injection | 22.05.2018 | Borna Nematzadeh
Med. | Karenderia Multiple Restaurant System < 4.5 Blind SQL Injection | 22.05.2018 | telahdihapus
Med. | Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection | 21.05.2018 | Sina Kheirkhah
Med. | SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection | 18.05.2018 | Borna Nematzadeh
Med. | NodAPS 4.0 SQL injection / Cross-Site Request Forgery | 18.05.2018 | L0RD
High | ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI | 15.05.2018 | Imre Rad
Med. | Joomla com_training SQL Injection Vulnerability | 11.05.2018 | j!h4dDZ
Med. | Soleixa Communication Sql İnjection Vulnerability | 09.05.2018 | TrazeR
Med. | Designed and Developed by Cloud Innovators Solution SQL Injection | 06.05.2018 | Mehdi Razmjoo
Med. | Creative Commons Attribution 4.0 SQL Injection | 06.05.2018 | Mehdi Razmjoo
Med. | Web design & development by: svc & smorkov SQL Injection Vulnerability | 06.05.2018 | Mehdi Razmjoo
Med. | Design Bbsession SQL Injection | 06.05.2018 | Mehdi Razmjoo
Med. | CSP MySQL User Manager 2.3.1 SQL Injection | 05.05.2018 | Youssef mami
Med. | WebAgentSolutions SQL Injection | 04.05.2018 | B4B4NN
Med. | Design by Chichen SQL Injection Vulnerability | 29.04.2018 | Mehdi Razmjoo
Med. | Website by cgCraft llc SQL Injection Vulnerability | 29.04.2018 | Mehdi Razmjoo
Med. | HRSALE The Ultimate HRM v1.0.2 award_id SQL Injection | 26.04.2018 | 8bitsec
Med. | MySQL Squid Access Report 2.1.4 Cross Site Scripting / SQL Injection | 19.04.2018 | Keerati T.
Med. | Golem [CMS] v1.0 - SQL Injection | 17.04.2018 | TukangSihir
Med. | Cobub Razor 0.8.0 SQL injection | 17.04.2018 | Kyhvedn
Low | iran Info SQL Injection Vulnerability | 14.04.2018 | #iran#
Med. | IMP XForm 2.0 DatalifeEngine SQL Injection | 13.04.2018 | Hesam Bazvand
Med. | Relevanssi 3.5.12 / 3.6.0 SQL Injection | 12.04.2018 | Glyn Wintle
Med. | OCS Inventory NG ocsreports 2.4 / 2.3.1 SQL Injection | 11.04.2018 | Simon Bieber
Med. | ICS Site Building / SQL Injection Vulnerability in Search Bar | 10.04.2018 | Mehdi Razmjoo
Med. | Design & Hosting by Mando Hosting / SQL Injection | 10.04.2018 | Mehdi Razmjoo
Med. | Template by OS Templates SQL Injection vulnerability | 07.04.2018 | Mehdi Razmjoo
Med. | dgnet cms SQL Injection | 04.04.2018 | Ashiyane Digital Secur...
Med. | Israel Info SQL Injection Vulnerability | 02.04.2018 | Ismail Tasdelen
Med. | NSWEB Admin Login Panel SQL Injection Authentication Bypass | 02.04.2018 | Ismail Tasdelen
Med. | Developed By Webbizasia Sql Injection Vulnerability | 30.03.2018 | Mehdi Razmjoo
Med. | Square 9 GlobalForms 6.2.x Blind SQL Injection | 30.03.2018 | Darrell Damstedt
Med. | Drupal 7.0 < 7.31 Drupalgeddon SQL Injection (Admin Session) | 30.03.2018 | Stefan Horst
Med. | Powered By ALFINE IT Solution SQL Injection Vulnerability | 26.03.2018 | Mehdi Razmjoo
Med. | Yahoo Small Business - SQL Injection Vulnerability | 22.03.2018 | Mehdi Razmjoo
Med. | RealWebIdea CMS SQL Injection Vulnerability | 18.03.2018 | Mehdi Razmjoo
Med. | TextPattern 4.6.2 qty SQL Injection | 13.03.2018 | Manuel García Cárden...
Med. | Tuleap 9.17.99.189 SQL Injection | 13.03.2018 | Cristiano Maruti
Med. | DL Tech CMS SQLi Vulnerability | 11.03.2018 | Ali Abdollahi
Med. | SoftHof CMS SQLi Vulnerability | 11.03.2018 | Ali Abdollahi
Med. | Bacula-Web < 8.0.0-rc2 SQL Injection | 10.03.2018 | Gustavo Sorondo
High | ClipBucket < 4.0.0 Release 4902 Command Injection / File Upload / SQL Injection | 06.03.2018 | Ahmad Ramadhan Amizudi...
Med. | Joomla! 3.7 SQL Injection | 03.03.2018 | Manish Tanwar
Med. | Journal of the College of Physicians and Surgeons Pakistan SQL Injection | 03.03.2018 | Ali Abdollahi
Med. | Cloud Innovators Solution SQL Injection | 02.03.2018 | Ali Abdollahi
Med. | City District Government, Multan SQL Injection | 01.03.2018 | Ali Abdollahi
Med. | ASFAA organization SQL Injection | 01.03.2018 | Ali Abdollahi
Med. | CMS Vinsystech.com - SQL Injection Vulnerability | 28.02.2018 | Renzi
Med. | Asanhamayesh CMS 3.4.6 SQL injection | 26.02.2018 | Ali Abdollahi
Med. | Global IT Support Pvt. Ltd CMS SQL injection vulnerability | 25.02.2018 | Mehdi Razmjoo
Med. | MagicNines Infotech Pvt. Ltd - SQL Injection Vulnerability | 25.02.2018 | The Shadow Walkers
Med. | Hamayeshnegar CMS SQL injection | 24.02.2018 | Ali Abdollahi
Med. | Joomla! Component OS Property Real Estate 3.12.7 SQL Injection | 23.02.2018 | Ihsan Sencan
Med. | Joomla! Component PrayerCenter 3.0.2 sessionid SQL Injection | 23.02.2018 | Ihsan Sencan
Med. | Joomla! Component CheckList 1.1.1 SQL Injection | 23.02.2018 | Ihsan Sencan
Med. | Joomla! Component Alexandria Book Library 3.1.2 letter SQL Injection | 23.02.2018 | Ihsan Sencan
Med. | Joomla! Component Ek Rishta 2.9 SQL Injection | 23.02.2018 | Ihsan Sencan
Med. | Gold MOVIES v1.2 SQL Injection Vulnerability | 23.02.2018 | indoushka
Med. | Gravigra v1.0 product.php Sql injection Vulnerability | 23.02.2018 | indoushka
Med. | Joomla! Component CW Tags 2.0.6 SQL Injection | 22.02.2018 | Ihsan Sencan
Med. | EPIC MyChart SQL Injection | 17.02.2018 | Shayan S
Med. | TV Video Subscription SQL Injection | 17.02.2018 | Borna Nematzadeh
Med. | Joomla! Saxum Numerology 3.0.4 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! SquadManagement 1.0.3 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Timetable Responsive Schedule For Joomla 1.5 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla ccNewsletter 2.x.x SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! MediaLibrary Free 4.0.12 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! SimpleCalendar 3.1.9 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! JTicketing 2.0.16 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! JS Jobs 1.1.9 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! JGive 2.0.9 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! InviteX 3.0.5 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! JS Autoz 1.0.9 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Solidres 2.5.1 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Project Log 1.5.3 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Realpin 1.5.04 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Saxum Astro 4.0.14 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! JquickContact 1.3.2.2.1 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Google Map Landkarten 4.2.3 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | Joomla! Gallery WD 1.3.6 SQL Injection | 17.02.2018 | Ihsan Sencan
Med. | dotCMS 3.7.1 SQL Injection | 16.02.2018 | Elar Lang
Med. | Ciesto Solutions ERP System SQL Injection | 13.02.2018 | Faraday_U_24B6
Med. | Readymade Video Sharing Script 3.2 SQL Injection | 13.02.2018 | Varun Bagaria
Med. | Readymade Video Sharing Script 3.2 search SQL Injection | 12.02.2018 | Varun Bagaria
Med. | Naukri Clone Script 3.0.3 indus SQL Injection | 10.02.2018 | Borna nematzadeh


CVEMAP Search Results

CVE | Details | Description

2018-04-26
Medium, CVE-2017-1722 | Vendor: IBM; Software: Qradar secur... | IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.

2018-04-25
Low, CVE-2018-9102 | Vendor: Mitel; Software: Mivoice connect | A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.

2018-04-22
High, CVE-2018-9245 | Vendor: Ericssonlg; Software: Ipecs nms | The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
Medium, CVE-2017-17902 | Vendor: Kliqqi; Software: Kliqqi cms | SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.

2018-04-20
Medium, CVE-2018-1289 | Vendor: Apache; Software: Fineract | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization.
Medium, CVE-2018-1290 | Vendor: Apache; Software: Fineract | In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.
Medium, CVE-2018-1291 | Vendor: Apache; Software: Fineract | Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way to read/update the data for which he doesn't have authorization.
Medium, CVE-2018-1292 | Vendor: Apache; Software: Fineract | Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.

2018-04-19
Medium, CVE-2018-10225 | Vendor: Thinkphp; Software: Thinkphp | thinkphp 3.1.3 has SQL Injection via the index.php s parameter.

2018-04-17
Medium, CVE-2018-8734 | Updating... | SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

 

 


Copyright 2018, cxsecurity.com

 
